b"                                                        UNITED STATES DEPARTMENT OF COMMERCE\n                                                        Office of Inspector General\n                                                        Washington, D.C. 20230\n\n\n\n\nJanuary 24, 2012\n\nMEMORANDUM FOR: \t Simon Szykman\n                  Chief Information Officer\n\n\nFROM: \t                       Allen Crawley     ~ C::~---\xc2\xad\n                              Assistant Inspector General for Systems Acquisition\n                                and IT Security\n\n\nSUBJECT:                      Assessment of Key Security Measures Protecting\n                               Department Systems\n\nAs required by the Federal Information Security Management Act of 2002 (FISMA), the Office\nof Inspector General is initiating its fiscal year 2012 audit of the Department's information\nsecurity program and practices. As further mandated by FISMA, we will review a representative\nsubset of Department systems to assess compliance with FISMA requirements.\n\nOur audit objective is to assess the effectiveness of the Department's information security\nprogram and practices by determining whether key security measures adequately protect the\nDepartment's systems and its information. As required by the Office of Management and\nBudget (OMB). we will also complete a FISMA Cyberscope report with various assessments\nand performance measures. These performance measures and the audit report will be\nincorporated into the Secretary's FISMA submission to the Department of Homeland Security.\n\nWe plan to begin this work immediately. The entrance conference is scheduled on January 25,\n20 12, at the CIO Council meeting. We will conduct our fieldwork at selected Department and\ncontractor sites. If you have any questions, please call me at (202) 482-1855 or Dr. Ping Sun at\n(202) 482-6121.\n\n\ncc: \t   Earl Neal, Director, Office of IT Security, Infrastructure and Technology\n        Susan Schultz Searcy, Audit Liaison, Office of the Chief Information Officer\n\x0c"